Return to previous menu
Navigate to project folder
A simple way to detect VirtualBox
WarGame / DooMRiderZ
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++ A simple way to detect VirtualBox by WarGame/DoomRiderz ++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1) Introduction 2) Theory & Code 3) Greetz 1) Introduction There are a lot of ways to detect virtualized env, here I will show only a simple trick to detect if you are running inside VirtualBox. This trick requires that guest additions (a component that let you exchange files between a virtualized system and the real one) are installed on the virtualized system because the detection is based on it. If you want to go deeper in VM detection look at http://www.invisiblethings.org/papers/redpill.html ! Now go to the real stuff 2) Theory & Code The detection can be done in two ways: 1) Check if VBoxHook.dll exists in the system (using LoadLibrary() for example) 2) Check if the pseudo-device \\.\VBoxMiniRdrDN exists in the system (you need CreateFile()) Here are listed two simple programs that demonstrate this: ---- detectVBox_1.c ---- /* Check if VBoxHook.dll exists */ #include <windows.h> int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { if(LoadLibrary("VBoxHook.dll") != NULL) { MessageBox(NULL,"VBox detected!","Warning",MB_OK|MB_ICONWARNING); } else { MessageBox(NULL,"Not inside VBox","Info",MB_OK|MB_ICONINFORMATION); } } --------- EOF ---------- ---- detectVBox_2.c ---- /* Check if \\.\VBoxMiniRdrDN exists */ #include <windows.h> int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { if(CreateFile("\\\\.\\VBoxMiniRdrDN",GENERIC_READ,FILE_SHARE_READ, NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL) != INVALID_HANDLE_VALUE) { MessageBox(NULL,"VBox detected!","Warning",MB_OK|MB_ICONWARNING); } else { MessageBox(NULL,"Not inside VBox","Info",MB_OK|MB_ICONINFORMATION); } } --------- EOF ---------- 3) Greetz greetz to #eof-project,#virus,#vxcode @ undernet a special thx to MrAnderson for testing :D You can contact me at wargame89@yahoo.it or visit http://vx.netlux.org/wargamevx